Re: [tor-relays] Best bandwidth setup for exit node

How do the bandwidth authorities treat a hibernated relay? Does hibernation effectively lower the consensus weight (CW)? If so, and even if the lower CW is temporary, would it then take longer for the CW to climb back up once the relay is out of hibernation? IMHO it seems simpler to just throttle

Re: [tor-relays] switching between exit and guard

Seems like a bad idea. Among other issues, I kinda doubt Digital Ocean is gonna be any happier. They'll still get abuse emails half the month, right? Do you think that's gonna make them like... half mad? ;-) Just run a good guard there full time and find a better home for the exit.

Re: [tor-relays] Syslog: Kernel TCP: Too many orphaned sockets

It's related to /proc/sys/net/ipv4/tcp_max_orphans "Maximal number of TCP sockets not attached to any user file handle, held by system. If this number is exceeded orphaned connections are reset immediately and warning is printed." So, I'd start by checking the value of tcp_max_orphans (with "cat

[tor-relays] is explicit DirPort needed anymore under Tor 0.2.8.6?

The release notes for Tor 0.2.8.6 have this tidbit about the DirPort: "Previously only relays that explicitly opened a directory port (DirPort) accepted directory requests from clients. Now all relays, with and without a DirPort, accept and serve tunneled directory requests that they receive throu

Re: [tor-relays] experiences with debian tor 0.2.8.6 package from deb.torproject.org

> When upgrading, all running tor instances are stopped (not restarted, as expected) > syslog shows: > Interrupt: we have stopped accepting new connections, and will shut down in 30 seconds. Interrupt again to exit now. > Clean shutdown finished. Exiting. > (problem is reproducible) I just ha

Re: [tor-relays] experiences with debian tor 0.2.8.6 package from deb.torproject.org

Sorry, I didn't understand that your daemon didn't restart after the upgrade. I ran through the upgrade on 2 relays, and apt started the service post-upgrade on both. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org

Re: [tor-relays] Any security tips on running a TOR relay?

I'd say the normal server hardening precautions apply. Off the top of my head: - keep software/packages up to date - only use public-key authentication for ssh / disable password-based auth - optionally change the ssh port (it just avoids the worst of the port scanning / brute force attempts) - li

Re: [tor-relays] Any security tips on running a TOR relay?

Tristan: yep, I was assuming a non-exit. Although sure, you can block incoming traffic without affecting outbound traffic with a stateful firewall like iptables. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-

Re: [tor-relays] Any security tips on running a TOR relay?

That's my setup as well. My UFW looks like: To Action From -- -- 80/tcp ALLOW Anywhere 443/tcpALLOW Anywhere xxx/tcp ALLOW Anywhere I have my DirPort set

Re: [tor-relays] Any security tips on running a TOR relay?

Hey Tristan, > Any ideas what in-addr.arp is Yes, this is the standard format for reverse DNS lookups for IPv4 addresses. I'm not sure what command(s) you were using, but in-addr.arpa is an expected result (or intermediate step) of doing something like "host 8.8.4.4" on Linux. The IP octets ar

Re: [tor-relays] Any security tips on running a TOR relay?

P.S. Tristan, here's the explanation from that mailing list... just in case people can't access the link or it goes away: "Yes, it has everything to do with those flag bits. For TCP connections, Linux tends to use a "half-duplex" close sequence where either side of the session can initiate connect

Re: [tor-relays] How to exclude a CDN ?

You could probably enumerate most (if not all) of the subnets for Akamai or CloudFlare or $InsertCDN, but blocking all of them seems like it would be terrible for Tor users since they host so much of the web at this point. So yeah... I think you're out of luck.

Re: [tor-relays] High speed Tor relay advice

Hi i3, Thanks for running relays! Agreed you will want to run multiple instances to make the most of your host. The Xeon E5-2620v3 does have AES-NI, which is good. Other items to consider: - On most linux/unix systems the ulimits will be set too low by default. On debian-like linux, higher limi

Re: [tor-relays] Pi3 mid relay dropping lil bit of packets

Counter-point... transmission errors are not a certainty: RX packets:323526978271 errors:0 dropped:0 overruns:0 frame:0 TX packets:249565709357 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:285274358053849 (285.2 TB) TX bytes

Re: [tor-relays] Web server and TOR bridge at same IP:port

I don't think you will be able to bind two daemons to the same TCP port (443). Maybe you could have something else listening on TCP port 443 and passing the requests onto both places? You might be able to put a single reverse proxy in front on that port, and have that proxy send the requests to t

Re: [tor-relays] Guard Flag without stable Flag

Looks like the guard flag already fell off. In any case I wouldn't worry about this. I think clients probably wouldn't choose a guard without the stable flag? ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin

Re: [tor-relays] relay on a vps not exclusively used for tor?

> Most AUPs ban the use of programs designed to use 100% CPU A well-utilized Tor node will max out CPU... ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] relay on a vps not exclusively used for tor?

>> > Most AUPs ban the use of programs designed to use 100% CPU >> >> A well-utilized Tor node will max out CPU... > > Mine hasn't. It peaks at about 30%. It can't even hit the 150Mbps limit I > set. Let me rephrase it then: a well-utilized Tor node _can_ max out CPU. I have two guard/middle nod

Re: [tor-relays] #torstrike

I'm not switching off my relays. I'd prefer to leave the politics to other people. > Fact: The investigation done by Tor Inc, was run by the primary accusers > of Jacob Applebaum. Citation needed. ___ tor-relays mailing list tor-relays@lists.torproject.

Re: [tor-relays] Accounting and the 'Stable' flag

@Ralph https://blog.torproject.org/blog/lifecycle-of-a-new-relay It is normal to experience a dip in traffic. Just keep the relay running and let things play out. It can take weeks for utilization to peak. ___ tor-relays mailing list tor-relays@lists.to

Re: [tor-relays] Accounting and the 'Stable' flag

> I just want to make sure that... the ISP is not throttling traffic without > notification. Yeah, that's a valid concern. Aside from running through some of the M-LAB tests (https://www.measurementlab.net/tests/), it can be hard to predict or detect this. Another issue that can crop up is poor

Re: [tor-relays] #torstrike

Well said grarpamp. > there are plenty of other already existing, interesting, and > upcoming anonymous overlay networks for transporting IP, messaging, > storage and so on. Mind sharing some names here so I can research further? ___ tor-relays mailing

Re: [tor-relays] new relay package for Ubuntu 16.04+

Chad, > 1) anyone can create packages for others without review, 2) security is better These two concepts seem fundamentally at odds. Perhaps I have misunderstood you. How would unreviewed code be better for security? ___ tor-relays mailing list tor-rel

Re: [tor-relays] Guard vs Exit Bandwidth

Don't forget that some traffic enters through guards but lands on hidden services, skipping Exits. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Tor and Diplomatic Immunity

The whole idea doesn't sit right with me. For one, I'm not sure I'd want any more Five Eyes entities running Exit nodes. Most embassies are already a haven for espionage activity. You'd pretty much have to assume they'd be sniffing the exit traffic. Also, with all the other priorities, I kinda do

Re: [tor-relays] tomhek - the (new) biggest guard relay operator

Yep, there's no enforcement or extra billing for network traffic... at all. They have said this will change in the future. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Node families and guard flags

The Advertised Bandwidth is is significantly lower on TorRelay02HORUS too. Let me quote teor from another recent thread, I think the same info is helpful here: -- begin quote -- Your relay reports a bandwidth based on the amount of traffic it has sustained in any 10 second period over the past da

Re: [tor-relays] log message: [WARN] Failing because we have X connections already.

> I'm limited to 1360 tcp sockets. That's really bad for a Tor node, and I'm not sure you'll be able to work around it effectively. Even my non-exit nodes routinely have 7000 - 8000 established sockets. ___ tor-relays mailing list tor-relays@lists.torpro

Re: [tor-relays] help #3

Have you double-checked the ulimit was applied correctly? Including making sure it's applied to the user account running Tor? Here's how I do that on Ubuntu/Debian, assuming the user account is "debian-tor": sudo su debian-tor --shell /bin/bash --command "ulimit -Sn" sudo su debian-tor --shell

Re: [tor-relays] Question about relay speed

You could also turn the old relay into a bridge. I've read that low bandwidth machines are often better serving the network as bridges, although I don't know what the cutoff value for "low bandwidth" is in this case. ___ tor-relays mailing list tor-relays

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

@keb: > It is not our problem if someone uses > the telecom network to read/write data to a vulnerable server - it is > the vulnerable server's problem to fix. Sounds great, but this is not how it works in the real world. > The ISP (and Tor network) are > only responsible for delivering the pa

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

@Mirimir: >> IPS aren't perfect - they let some unwanted traffic through, and >> block other traffic that is totally ok. > That is an issue. But there are many exits, so eventually users should > find one that works well enough for their purposes. Re-read what you said and think about this fr

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

@Tristan: > there must be something we can do about this as relay > operators. No, we don't need to do anything. Tor has been running under these principles of uncensored access for a long time. Find an ISP that understands Tor, appreciates the nature of the service and its value, and is willing

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

> You are ignoring completely reality, aren't you? No, I'm describing the status quo, how Tor already operates. "Don't run IPS/Snort on exits" has been a long standing response from the Tor folks. It looks to me like that response is essentially unchanged. _

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

@Markus Okay, so you are offended by the phrase "it's that simple". Sorry, if I could remove that sentence I would. I didn't mean to imply that running an exit was trivial or easy. Otherwise, I stand by my argument -- automated filtering or blocking is not the right answer. The co-founder of Tor

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

> I'm being to think there is no real solution to the problem. As long as Tor > serves its purpose of providing uncensored access to the Internet, bad guys > will always abuse it, and the operators will almost always be at odds with > their ISP. Anything we try to do to block abuse will destroy the

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

>> > for i in subdir/*; do ssh host mkdir -p "$i"; done >> > >> > with an ssh-agent would look pretty exactly the same to the exit node. >> >> OK, so I left out the "Permission denied, please try again." bits :) > > The exit node doesn't see that - that's the point of ssh. It can > at best look a

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

@oconor: > Let me ask you a short question. Have you ever worked with IPS? Yes. Please see my later email in this thread. I have experience with Snort, Bro and proprietary IPS/IDS systems from Cisco and Palo Alto. I also worked at a university's network operations helpdesk, where we received hun

Re: [tor-relays] new warn message: Duplicate rendezvous cookie in ESTABLISH_RENDEZVOUS.

One of my guard relays has a few entries on Oct 06 also: Oct 06 09:04:00.000 [warn] Duplicate rendezvous cookie in ESTABLISH_RENDEZVOUS. Oct 06 09:04:00.000 [warn] Duplicate rendezvous cookie in ESTABLISH_RENDEZVOUS. Oct 06 10:17:30.000 [warn] Duplicate rendezvous cookie in ESTABLISH_RENDEZV

Re: [tor-relays] Politically correct?

Tor is not perfect and everyone would be wise to learn as much as possible about its limitations (I'd start here: https://www.torproject.org/download/download.html.en#warning). It's still a very useful privacy tool though. Snowden: "I think Tor is the most important privacy-enhancing technology pr

Re: [tor-relays] ISP, Abuses , Intrusion Prevention etc.

>> I set up my own ISP (AS28715) so I could run Tor exits etc without any >> trouble. > > Could you share a bit more about what is involved in doing that? I'd also be very interested in learning more about setting up an ISP for Tor. Is it a non-profit? How many man hours did it take (roughly) to

Re: [tor-relays] monitoring the relay : zabbix?

> How do you monitor the tor relay server and the relay itself, on a remote > box? I like https://www.statuscake.com/ for this and their free plan is sufficient. I'm not affiliated with them, I just like the service. It constantly checks for a response from both the Dir and OR ports of my relays,

Re: [tor-relays] How to Run High Capacity Tor Relays

Pardon the thread necromancy, but I'm wondering if this document ever made its way off this mailing list and onto a blog? Or perhaps there is some other modern doc covering this topic? I've recently setup a relay on a Gb/s fiber connection, and am struggling to understand how to optimize performan

[tor-relays] Guard flag flapping

I have two relays on the same Gb/s connection. I followed the optimization tips offered in another thread, and think I have things running reasonably well. What I don't understand is why the Guard flag keeps flapping back and forth on both relays. https://atlas.torproject.org/#details/89B9AE4C778D

Re: [tor-relays] Guard flag flapping

Thanks for the reply. I had already run tests with both speedtest-cli and iperf3. This server consistently achieves 200 to 300 Mb/s in both directions, with both relays still running, and on some runs is hitting over 800 Mb/s. The BWauth and self-measured bandwidths make no sense to me. Watching

Re: [tor-relays] Guard flag flapping

P.S. Here's some additional data from the server. I just ran these commands, with the two relays still running. $ speedtest-cli Retrieving speedtest.net configuration... Retrieving speedtest.net server list... Selecting best server based on latency... Hosted by City of Sandy-SandyNet Fiber (Sandy,

Re: [tor-relays] Guard flag flapping

Thank you for the thoughtful replies. To clear up a few points: - This is a dedicated bare-metal server -- not a VPS, VM or container. I have physical access to the server, router and ONT. - I would call it a dedicated gigabit link. This is probably up for debate. The provider's overall capacity

Re: [tor-relays] clarification on what Utah State University exit relays store ("360 gigs of log files")

>> If you can confirm that the comment is authentic I'd be interested >> what kind of tor related data you are logging at your exit relays and why. > It's most likely netflow logs. Quite popular in Uni / regional ISP > environments. People collect them for network stats, and to track > down "secur

Re: [tor-relays] Guard flag flapping

On Sat, Aug 8, 2015 at 1:41 AM, wrote: > > I ran some tests against your node. While performance is generally very > good, it has very low performance connecting to some exit nodes. Thanks for running the tests. Which exit nodes led to poor performance? I would like to try to reproduce any perf

Re: [tor-relays] I.P. being Blocked?

Or just search Google for your relay's IP. You'll find several blacklists that contain it and all the other relays. It's not FUD. Here are some more examples: https://www.dan.me.uk/torlist/ https://github.com/ktsaou/blocklist-ipsets/blob/master/dm_tor.ipset https://github.com/ktsaou/blocklist-ipse

Re: [tor-relays] Guard flag flapping

> A simple test you could run on your server is fetching directory info > from nodes that have directory functionality enabled. Thanks for the idea. blutmagie offers a CSV list of its current result set, so this ended up being quite easy to automate. I fetched a copy of the CSV to the server:

Re: [tor-relays] Legal status of operating Tor exit in UK?

> "I'm still not convinced that ToR isn't just an incredibly clever US > government scheme where the US government stealthily operate a majority of > the ToR (exit and intermediate) nodes, leading themselves to be able to > anonymously inspect / MITM traffic from any exit node > they operate, as we

Re: [tor-relays] Exit Node with Onion Pi

> If you're just after something that's > cheap and Pi-sized, you'd probably have better luck with something like > the ODROID C1[0]; you still may not saturate the link though. >From experience, an ODROID box won't help too much. It just doesn't have enough CPU. For a little over $100 (USD), you

Re: [tor-relays] new relay - not working right

Hi. Thanks for running a relay. > For several days now its bandwidth, according to ARM, is in the > bits/second and there seems to be some problem reading its own > torrc file. Also, while it had four connections for a while, there are > none now. Regarding the low bandwidth and a low number of

Re: [tor-relays] new relay - not working right

ClydeBoy is listed three times on Atlas. It appears to be running from the same server, as the IP/port are the same for all 3 nodes, however the fingerprint is different for each instance on Atlas: https://atlas.torproject.org/#details/68F162C50F22205FB3B728ACE67470B17D7430D6 https://atlas.torproj

Re: [tor-relays] new relay - not working right

Pardon the bad copy/paste in the last email. The third listing on Atlas is: https://atlas.torproject.org/#details/3FE1025A1E779CAFD21F593AC200C7447703343D ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/ma

Re: [tor-relays] Tools for managing multiple relays

You could use something like Puppet or Chef to manage multiple nodes. However, the compute resources and time involved with setting up either solution are high enough that it probably wouldn't make sense to do this for only 3 nodes. ___ tor-relays mailing

Re: [tor-relays] Tools for managing multiple relays

> An alternative to Puppet or Chef (and I'm a fan of both) would be > Ansible; it's much simpler to pick up, and uses SSH to connect to > machines to manage them -- no master server needed. You just changed my life. I just hadn't looked into Ansible yet. It took about 5 minutes to setup, and seem

Re: [tor-relays] Tools for managing multiple relays

Due to the variance of performance of VPS instances, the last time I decided to add another single relay, I turned up 4 instances, waited a few days to see which one performed the best, then shut down the others. This only cost a few extra USD, at most, and greatly improved the value of the remaini

Re: [tor-relays] TCP: too many orphaned sockets

> On the new VPS I get the following message (from time to > time lots of them): > "kernel: [XX.XX] TCP: too many orphaned sockets" I'd look at "net.ipv4.tcp_max_orphans". Some VPS providers add their own defaults to /etc/sysctl.conf, so you might want to check there and see if it's alre

Re: [tor-relays] ntpd problems explanation

"ntp/time sync peculiarities in relays" Can you please elaborate? I may have missed an earlier discussion, and a quick Google search isn't providing too much help. I found the ticket below, which is interesting reading, but I'm not sure what specific peculiarities you're referring to. https://tra

Re: [tor-relays] Faravahar messing with my IP address

I see this from time to time as well. Here's another example: Oct 17 23:02:44.000 [notice] Our IP Address has changed from 52.64.142.121 to [CORRECT IP]; rebuilding descriptor (source: 86.59.21.38). 52.64.142.121 appears to be an instance on Amazon's EC2. I don't run any nodes on EC2. 86.59.21.

Re: [tor-relays] Faravahar messing with my IP address

Sina, the ticket 16205 regarding incorrect IPs coming from Faravahar is 5 months old [1]. Have you had a chance to look into the possible explanation Nick Suan mentioned earlier in the thread? It's not exactly confidence-inspiring to see multiple unresolved tickets about Faravahar going back seve

Re: [tor-relays] too many circuit creation requests

> # lsof -Pn | grep "^tor" | grep ESTABLISHED | wc -l > 3169 > # netstat -nt | wc -l > 1599 These values are normal for a relay; exactly what I'd expect from a Pi. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/

Re: [tor-relays] MyFamily format

The correct format for MyFamily is documented here: https://www.torproject.org/docs/faq.html.en#MultipleRelays I'm not sure how important it is to set at this point though? https://trac.torproject.org/projects/tor/ticket/6676 ___ tor-relays mailing list

Re: [tor-relays] HoneyPot?

Mirimir: aside from the nickname, do you have any reason to believe it was out of the ordinary? The exit policy mostly only seems to allow non-encrypted services (80 but not 443, 143 On Thu, Oct 29, 2015 at 1:22 PM, Mirimir wrote: > Anyone know what HoneyPot was/is? > > > https://atlas.torprojec

Re: [tor-relays] HoneyPot?

(Oops, sorry, an errant keyboard shortcut sent the email too early.) Mirimir: aside from the nickname, do you have any reason to believe it was out of the ordinary? The exit policy mostly only seems to allow non-encrypted services (80 but not 443, 143 but not 993), but that alone isn't enough to g

Re: [tor-relays] HoneyPot?

> BTW the exit policy includes 443. My mistake. I didn't realize the policy view on Atlas is truncated. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] HoneyPot?

> I cannot imagine how any TOR operator would block encrypted services > and not be what most reasonable people consider a "Bad exit". It turns out this "HoneyPot" node is NOT blocking encrypted services. They allow ports 443, 993, and other encrypted services. Unfortunately that line of the exit

Re: [tor-relays] 130 "11BX1371" relays joined on 2015-10-30

> The authorities should be rejecting the relays > dropping their traffic soon, I assume now they're > trying to contact the operator before doing that Is there somewhere we can follow the conversation and decisions of the authorities when there are incidents like this? IRC? Another mailing list?

[tor-relays] unlisted exit relay

While visiting https://torstatus.blutmagie.de/ in Tor Browser, I noticed it wasn't detecting the exit node I was being routed through as a relay. Curious, I tried looking up the same IP in both Atlas and Globe, but neither knows of a relay at this IP. The IP of this exit is 104.156.228.115. What s

[tor-relays] Tor Weather not working?

I took a relay offline 2 days ago and still haven't received a notification from Tor Weather. The preferences page confirms everything is configured, but yet, it doesn't seem to be working for me. I checked the spam folder. Is there someplace to file tickets for this, or some other contact info for

Re: [tor-relays] Tor Weather not working?

It seems to be working at least some of the time, as I did receive a notification to the same email address for another node, back in mid-October. If it's not maintained and not expected to work reliably, it should be taken down. I have a hard time believing this is the case though. __

Re: [tor-relays] Tor Weather not working?

I just received the Tor Weather notifications. They were over 2 days late. The email headers show Tor Weather just sent them, and it only took a few seconds for Gmail's MX to receive and accept. I.e., the delay appears to be somewhere on the Tor Weather server side. ___

Re: [tor-relays] Actions required after update?

> is there any action required for somebody running the relay > on a pretty bog-standard Ubuntu 12.04 Linux dedi? > other than sudo apt-get update && sudo apt-get dist-upgrade There is a new OfflineMasterKey feature you can read about here: https://lists.torproject.org/pipermail/tor-relays/2015

Re: [tor-relays] Custom bandwith for different time ranges

> any of these are very likely to wreck your consensus weight situation >From a Tor user's perspective, if a relay is periodically dropping to 250 Kb/s, a low consensus weight for that relay is probably a good thing. ___ tor-relays mailing list tor-relay

Re: [tor-relays] uptime "algorithm"

I'm not sure why operators care so much about the HSDir flag. It naturally comes and goes. Try not worry about it. :) I've noticed that it can take 30+ minutes after a version upgrade before the directory service on my nodes is fully responsive again [1]. I'm not entirely sure what's happening in

Re: [tor-relays] Running an exit? Please secure your DNS with DNSCrypt+Unbound

> Weasel and velope on #tor-project suggested that I remove DNSCrypt > entirely and let Unbound be a recursive resolver against the root DNS > servers, which I have now done. Jesse would you mind sharing how you configured this? ___ tor-relays mailing l

Re: [tor-relays] Allow user to provide feedback?

Typically users are routed through multiple relays (guard, middle and exit), so the proposed feedback would really be a generic "this circuit is slow" signal, which doesn't help narrow down the problematic relay. ___ tor-relays mailing list tor-relays@lis

Re: [tor-relays] Very unbalanced inbound/outbound connections

"I see a little bit more than twice as much inbound than outbound connections on my (non-exit, non-guard) relay [0]." "looking at the graphs in atlas (as well in arm) shows no significant (= something like twice as much) difference between the inbound and outbound traffic" I'm not sure if you mea

Re: [tor-relays] Debugging my small relay

Is there really a reason to continue running this relay, even as a bridge? It has a consensus weight of 9. Before the upgrade and subsequent fingerprint reset, it was only at cw 16. The mean middle probability fraction was 0.000103%. The mean on the read/write was less than half a kilobyte per seco

[tor-relays] DDoS attack on relay

My hosting provider alerted me of a DDoS attack on one of my relays. It started around 2016-01-26 12:42 UTC. They claim they tried "filtering, routing, and network configuration changes" to mitigate the attack, but as a last resort they temporarily disconnected the host from the network for 3 hours

Re: [tor-relays] routing script

> I spoke with an VPN provider and > they are okay with routing tor traffic over their VPN as long I have > exit rulez etc. The only thing I need is a routing script for Debian > to route all the Tor traffic over the VPN. Anyone can help me out with If I understand correctly you are hoping to set

Re: [tor-relays] NPR story: When A Dark Web Volunteer Gets Raided By The Police

> Of course, but what would they make of it? They might have 200 > perfectly legitimate Tor nodes already, making a blacklist > absolutely useless. So we should do nothing? This logic makes little sense. The directory authorities already have blacklist capabilities, and add known malicious relays

Re: [tor-relays] NPR story: When A Dark Web Volunteer Gets Raided By The Police

@ Tristan re: "What happened to "innocent until proven guilty?" Please note I already said "This particular case is perhaps not so clear cut" @ Markus re: "How do you know a exit server is compromised?" You don't always know. With any skill on the attacker's part, you will NOT know. Still, sometim

Re: [tor-relays] NPR story: When A Dark Web Volunteer Gets Raided By The Police

Who said Tor was against the police? The fact is, in the United States, the FBI and other law enforcement agencies have been known to plant malware, modify hardware, etc., in order to maintain persistent access to machines they wish to monitor. Whether or not you think this is valid in some cases

Re: [tor-relays] DDoS on middle nodes?

One of my non-exit relays was knocked offline by a DDoS on April 10th. It's happened before to another relay as well. My provider isn't especially helpful when it happens. They basically just disable traffic to the node for 3 hours. ___ tor-relays mailin

Re: [tor-relays] Entry Node Problem

> EntryNodes (Myfingerprintgoeshere) > Is this the correct syntax? Remove the parentheses. Comma separated. Ex: EntryNodes TorGuard01,TorGuard02,TorGuard3 https://www.torproject.org/docs/tor-manual.html.en > "EntryNodes" section ___ tor-relays mailin

Re: [tor-relays] Using your own Relay as Entry Node

I'd say it's a tradeoff. You may have more trust of your own entry guard, but you're losing the benefits of guard rotation and possibly making it easier for de-anonymizing attacks to occur. From the man page: "We recommend you do not use these — they are intended for testing and may disappear in fu

Re: [tor-relays] does it make sense to close unused ports at a tor relay with iptables ?

> The likes of GRC.COM make you think that any port not blocked... is bad. > I wondered why if nothing there Because there is a difference between a closed port and a filtered port. Deny vs drop. The less of a fingerprint you offer to attackers, the better. It's security by obscu

Re: [tor-relays] tor buddy is not checking

Not sure why anybody would need that script, but if you're asking about the error, you'd likely need root access to modify ulimits. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relay

Re: [tor-relays] Handling possible abuse requests

You should start with the FAQ, if you haven't already seen it: https://www.torproject.org/docs/faq-abuse.html.en The topic has been addressed many times on the list as well, so I'd suggest searching the archives. You can easily do that via Google with a search like: abuse site:lists.torproje

Re: [tor-relays] Handling possible abuse requests

P.S. https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] What's this Abuse

I'm questioning the competency of the ISP for several reasons. 1) They should be clear in communicating about whatever they view as abuse. Just telling you to "stop" without explanation is unprofessional at best. 2) This doesn't even look like abuse worth reporting (i.e., "welcome to the Internet")

Re: [tor-relays] Port scanning via exit node

There's really nothing to do. Based on the limited logs, it looks like someone was just looking for open TCP port 22 (ssh). You can't really block the scans by source since you don't know the source address (because Tor). You could prevent connections to port 22, but that would prevent everyone els

Re: [tor-relays] Monitoring multiple relays

I use a third-party monitoring service to monitor the Dir and OR ports of all my relays. It's especially useful now that Tor Weather isn't maintained. The service constantly checks for a response from both ports, using several monitoring endpoints around the world, and notifies me of any downtime.

Re: [tor-relays] TOR router install without access to root

@Nils Tor path selection avoids using relays from the same /16 subnet, and I thought it considered the Autonomous System (AS) as well. However now I'm not finding concrete evidence that path selection looks at AS. I found some older academic papers on the subject [1], but nothing in the current sp

Re: [tor-relays] TOR router install without access to root

@Paul: sure. Nils pointed out that a lot of relays using the same hosting provider could be an attack vector, because the provider would be a single point where all the relays' secret keys could be collected. My point is that if you look at the AS (Autonomous System) Number, it's normally the same

Re: [tor-relays] Question on warnings

Hi. Thanks for running a relay. These notice messages are from the monitoring tool Arm, and should not affect the Tor process. If you don't care about Arm and Tor seems to be working okay otherwise, you could safely ignore these messages. In case you want to look into them further, I'll share some

Re: [tor-relays] Questions on traffic differences between two Exit relays in two different locations

I've found that utilization and consensus weight of relays is highly variable, and the causes aren't always easy to pin down. There are a lot of factors that can contribute. A few off the top of my head: - CPU performance. AES-NI helps here. It seems unlikely this is your issue if your CPU utiliza

  1   2   >